I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

data for a global company that's looking to eliminate heart failure and devising new treatments for breast cancer. But he has other mission-critical responsibilities -- he runs the IT infrastructure team as well. That means data centers, networking and a vast assortment of cloud computing services.

Far from letting his tasks overwhelm, Haskill sees each side of his job benefiting the other.

"It's a rather large role, but it's great because each one of those aspects on the infrastructure side has security elements," Haskill said. "So I can really enable things a lot faster because I can integrate my security team a lot better with the infrastructure team."

Haskill's job at the company, headquartered in Cambridge, U.K., brings him in close contact with his boss, CIO Dave Smoley, who has overseen a mammoth effort to bring $600 million of outsourced IT operations back in-house -- to locations worldwide, from the U.S. to Sweden to India -- and then push a good chunk out to the cloud.

Their CISO-CIO collaboration in those migration projects is "one of the more dynamic and critical parts of what we do," Smoley said. And it has allowed AstraZeneca to save millions and consolidate systems across the globe -- all while reducing the risk of headline-grabbing data breaches.

Jeff Haskill

Maintaining those benefits, Haskill said, relies on a strong current of communication between him and his teams, Smoley and the IT side, and -- perhaps most important -- the business.

"Our CIO wants to go ahead and enable the organization in the most secure way," Haskill said, but business enablement is Smoley's primary goal. "It's my job to fully understand his strategy and also the business strategy, too, to nail what their concerns are."

Sky's the limit

An important objective for IT at AstraZeneca for the past three years, Smoley said, "has been reducing the cost profile of IT while improving the performance." That has meant grand-scale investments in cloud computing. Smoley started with packaged cloud applications: Microsoft Office 365 for email and productivity software like spreadsheets; Workday for human resource management; and Box for sharing and syncing document files.

This self-service helps minds at AstraZeneca do innovative things and do them quickly -- and having IT sanction cloud services means people will be less likely to order up their own. But it also poses challenges for cybersecurity defense, Smoley said.

"The world is shifting from the traditional, 'build the high walls and the deep moat and be careful who you let in and out,' to one of really being completely open," he said.

Old bond, new environment

That's why IT security needs to be woven into the fabric of the company, with cloud services monitored and governed through company policies, Smoley said. It's also why, in 2014, he brought over a former colleague from his previous employer, Flextronics International (now Flex). That was Haskill, who got his start at the electronics manufacturer 17 years ago working on servers and software and rose through the ranks to CISO.

Dave Smoley

"He's a very strong technologist and very experienced," said Smoley, who led IT at Flextronics. Haskill learned the business by doing, "having his fingernails dirty, repairing PCs, all the way up through the IT organization."

For Haskill's part, he and Smoley got along well in the past and developed a bond of trust, he said, which shows in the present.

"He knows how I'm going to react in certain situations; I know how he's going to react in certain situations. I know what he wants," Haskill said.

Their CISO-CIO collaboration began as soon as Haskill started three years ago -- "I knew even before I was hired at AstraZeneca what his strategy was going to be," he said of Smoley.

His first challenge was convincing business leaders in the highly regulated pharma industry that moving to the cloud leads to benefits like faster implementation of new technologies and initiatives and lower overhead costs. And also that big cloud vendors, such as Amazon and Microsoft, can better protect their data and applications than data centers can. Some folks are still squeamish about sending data into the cloud, though -- something that Haskill is working to dispel.

"As long as the compliance, security, the normal things around patching, pen testing, vulnerability scans --- [if] all that is in place, why should they even care where the data goes? And so that's what we're trying to migrate to," Haskill said.

'Point A to point B'

Today, Haskill and Smoley are working to clean up computer systems in AstraZeneca's production facilities and laboratories around the world. Many of the servers are not linked to the corporate network and are running old antivirus software, so Smoley and Haskill are doing security assessments to determine whether devices can safely connect to them. That will make it easier for scientists and lab technicians to do their jobs.

"What's happened with the rise of the cloud and the rise of data and large compute is, increasingly people in the business want the data from these systems and they want to be able to shift; they want to be able to move it around," Smoley said.

The project is emblematic of Smoley and Haskill's CISO-CIO collaboration and its larger aim: to work side by side with business leaders, understand their needs and what they want to do.

"I might have to say no, but I still have to get the business from point A to point B," Haskill said. "And I just can go ahead and offer a different, less-friction, more secure way than they were thinking of before."

Learn how AstraZeneca uses cloud access security broker technology to further secure its cloud architecture in this SearchCIO report.

2 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

This is an exciting topic. As a practitioner, we witness fair number of CIO & CISO today hardly wrap their arms around each other, yes they do collaborate but not at the level of meeting eye to eye and embrace information technology and Information Security governance as one. It can be anxieties to some organizations. Nevertheless, when CIO and CISO become more connected and share the same wavelength, substantial driving factors; such as the business values of open platform or open solution,
top-line and cost optimization, exceeding stakeholders' trust and confidence beyond shareholder can be realized through stages. Every organization will need to let go the legacy in this era, equip themselves with a mindset-shift to explore and exploit technology to bring larger returns more than winning the spur in share-price but to uphold stakeholders' values that reliably continue fueling the trust and confidence.